package com.cyj.securitydemo1.controller;

import lombok.extern.slf4j.Slf4j;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@Slf4j
@RestController
@RequestMapping("/user")
public class UserController {
    @PostMapping("/login")
    public String login(String username, String password) {
        log.info("登录用户名：{}，密码：{}", username, password);
        return "hello security";
    }

    @GetMapping("/index")
    public String index() {
        return "hello index";
    }

    @GetMapping("/update")
//    @Secured(value = {"ROLE_admins","ROLE_sale"}) //角色
//    @PreAuthorize("hasAnyAuthority('admins')")  //权限，方法之前
//    @PostAuthorize() //方法之后校验
    public String update() {
        return "hello update";
    }
}
